diff --git a/modules/aws-eks/README.md b/modules/aws-eks/README.md
index 8dfd87be1..3cc47c98d 100644
--- a/modules/aws-eks/README.md
+++ b/modules/aws-eks/README.md
@@ -125,7 +125,7 @@ The module is organized with the following directory and file structure:
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.5 |
-| [aws](#requirement\_aws) | ~> 5.83 |
+| [aws](#requirement\_aws) | ~> 6.33 |
| [kubernetes](#requirement\_kubernetes) | ~> 2.35 |
| [time](#requirement\_time) | ~> 0.12 |
| [tls](#requirement\_tls) | ~> 4.0 |
@@ -134,14 +134,14 @@ The module is organized with the following directory and file structure:
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | ~> 5.83 |
+| [aws](#provider\_aws) | ~> 6.33 |
## Modules
| Name | Source | Version |
|------|--------|---------|
-| [eks](#module\_eks) | terraform-aws-modules/eks/aws | 20.33.1 |
-| [karpenter](#module\_karpenter) | terraform-aws-modules/eks/aws//modules/karpenter | 20.33.1 |
+| [eks](#module\_eks) | terraform-aws-modules/eks/aws | 21.15.1 |
+| [karpenter](#module\_karpenter) | terraform-aws-modules/eks/aws//modules/karpenter | 21.0.0 |
## Resources
@@ -203,7 +203,7 @@ The module is organized with the following directory and file structure:
| [enabled\_log\_types](#input\_enabled\_log\_types) | A list of the desired control plane logs to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) | `list(string)` |
[
"audit",
"api",
"authenticator"
]
| no |
| [external\_dns\_role\_name](#input\_external\_dns\_role\_name) | IAM role name for external-dns. Leave null to auto-generate using the cluster name. For backward compatibility, set to 'external-dns-Kubernetes'. | `string` | `null` | no |
| [externaldns\_tags](#input\_externaldns\_tags) | Tags to apply to the ExternalDNS IAM resources | `map(any)` | `{}` | no |
-| [fargate\_profiles](#input\_fargate\_profiles) | Define dynamically the different fargate profiles | list(object({
name = string
selectors = list(object({
namespace = string
labels = map(string)
}))
tags = map(string)
})) | `[]` | no |
+| [fargate\_profiles](#input\_fargate\_profiles) | Define dynamically the different fargate profiles (compatibility list, old format) | list(object({
name = string
selectors = list(object({
namespace = string
labels = map(string)
}))
tags = map(string)
})) | `[]` | no |
| [node\_groups](#input\_node\_groups) | Define dynamically the different k8s node groups | `any` | `{}` | no |
| [node\_security\_group\_additional\_rules](#input\_node\_security\_group\_additional\_rules) | Additional rules to add to the node security group | `any` | n/a | yes |
| [parameter\_store\_role\_name](#input\_parameter\_store\_role\_name) | IAM role name for Parameter Store. Leave null to auto-generate per cluster (format: iam\_role\_parameter\_store\_all-). For backward compatibility, use: iam\_role\_parameter\_store\_all. | `string` | `null` | no |
@@ -240,5 +240,5 @@ For detailed examples, refer to the [module examples](https://github.com/prefapp
## Support
-For issues, questions, or contributions related to this module, please visit the repository’s issue tracker: [https://github.com/prefapp/tfm/issues](https://github.com/prefapp/tfm/issues)
+For issues, questions, or contributions related to this module, please visit the [repository’s issue tracker](https://github.com/prefapp/tfm/issues)
\ No newline at end of file
diff --git a/modules/aws-eks/_examples/with_vpc/main.tf b/modules/aws-eks/_examples/with_vpc/main.tf
index 97150216c..34a9262a1 100644
--- a/modules/aws-eks/_examples/with_vpc/main.tf
+++ b/modules/aws-eks/_examples/with_vpc/main.tf
@@ -5,7 +5,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = "~> 5.83"
+ version = "~> 6.33"
}
}
}
diff --git a/modules/aws-eks/docs/footer.md b/modules/aws-eks/docs/footer.md
index 10340d0b4..85006d795 100644
--- a/modules/aws-eks/docs/footer.md
+++ b/modules/aws-eks/docs/footer.md
@@ -15,4 +15,4 @@ For detailed examples, refer to the [module examples](https://github.com/prefapp
## Support
-For issues, questions, or contributions related to this module, please visit the repository’s issue tracker: [https://github.com/prefapp/tfm/issues](https://github.com/prefapp/tfm/issues)
+For issues, questions, or contributions related to this module, please visit the [repository’s issue tracker](https://github.com/prefapp/tfm/issues)
diff --git a/modules/aws-eks/karpenter.tf b/modules/aws-eks/karpenter.tf
index 62cf903a5..5b2052a22 100644
--- a/modules/aws-eks/karpenter.tf
+++ b/modules/aws-eks/karpenter.tf
@@ -1,30 +1,18 @@
module "karpenter" {
count = var.enable_karpenter == true ? 1 : 0
-
source = "terraform-aws-modules/eks/aws//modules/karpenter"
- version = "20.33.1"
+ version = "21.0.0"
cluster_name = var.cluster_name
- iam_role_name = format("%s-karpenter-role", var.cluster_name) # Used to generate the instance profile
- create_iam_role = true
- enable_v1_permissions = true
- enable_irsa = true
-
- iam_role_use_name_prefix = false
- iam_policy_use_name_prefix = true
- node_iam_role_use_name_prefix = false
- irsa_oidc_provider_arn = module.eks.oidc_provider_arn
- irsa_namespace_service_accounts = ["karpenter:karpenter-sa"]
-
- # Since the node group role will already have an access entry
- create_access_entry = true
+ iam_role_name = format("%s-karpenter-role", var.cluster_name) # Used to generate the instance profile
+ create_iam_role = true
+ iam_role_use_name_prefix = false
+ iam_policy_use_name_prefix = true
+ create_access_entry = true
node_iam_role_additional_policies = {
AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
Ec2ExtraPolicy = aws_iam_policy.iam_policy_extra_karpenter[0].arn
}
-
- queue_name = format("karpenter-%s", var.cluster_name)
- tags = var.tags
-
-}
\ No newline at end of file
+ tags = var.tags
+}
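Review bot: Dropping `enable_irsa`, `irsa_oidc_provider_arn` and `irsa_namespace_service_accounts = ["karpenter:karpenter-sa"]` removes the only visible binding between the controller role and a specific service account, and nothing in the new block replaces it. As far as I recall, the v21 karpenter submodule trusts EKS Pod Identity instead and binds the role through its `namespace` and `service_account` inputs, whose defaults are unlikely to match the `karpenter`/`karpenter-sa` pair used before; please confirm against the 21.0.0 inputs and set them explicitly, e.g. `namespace = "karpenter"` and `service_account = "karpenter-sa"`, and check that the pod identity agent add-on is installed on the cluster. Removing `queue_name` also lets the interruption queue name fall back to the submodule default, which would replace the queue unless that default equals `karpenter-<cluster>`. The submodule is pinned to 21.0.0 while the root `eks` module in main.tf is on 21.15.1; pinning both to the same release avoids drift between the two.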
diff --git a/modules/aws-eks/locals.tf b/modules/aws-eks/locals.tf
index 4ee9e5f29..4089ece9e 100644
--- a/modules/aws-eks/locals.tf
+++ b/modules/aws-eks/locals.tf
@@ -1,8 +1,32 @@
locals {
- # Get only two of the private subnets to create the cluster
+ # Adaptar fargate_profiles de lista a mapa para el módulo oficial
+ fargate_profiles_map = {
+ for profile in var.fargate_profiles :
+ profile.name => {
+ name = profile.name
+ selectors = profile.selectors
+ tags = profile.tags
+ }
+ }
+
+ # Adapt node_groups for EKS v21.x compatibility (retrocompatible)
node_groups_with_subnets = {
for group_name, group in var.node_groups : group_name => merge(
- group,
+ {
+ # Si el usuario pasa pre_bootstrap_user_data, lo movemos a launch_template.user_data
+ launch_template = (
+ contains(keys(group), "pre_bootstrap_user_data") ? merge(
+ lookup(group, "launch_template", {}),
+ {
+ user_data = group.pre_bootstrap_user_data
+ }
+ ) : (
+ lookup(group, "launch_template", null)
+ )
+ )
+ },
+ # Copiamos el resto de campos, pero quitamos pre_bootstrap_user_data y launch_template antiguos
+ { for k, v in group : k => v if !contains(["pre_bootstrap_user_data", "launch_template"], k) },
{
subnet_ids = (
(lookup(group, "subnet_ids", null) != null)
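Review bot: The new `launch_template = { user_data = ... }` entry moves `pre_bootstrap_user_data` into a key that I cannot match to any input of the v21 EKS managed node group, which as far as I know still accepts `pre_bootstrap_user_data` directly. If `eks_managed_node_groups` is a typed object in 21.x, an unknown key would be discarded without an error and the nodes would boot without the script, which matters when it carries node hardening or agent installation. Please confirm with a `terraform plan` on a group that sets `pre_bootstrap_user_data` that the rendered launch template user data is unchanged; if the input is still supported, passing `group` through as before is safer. The added comments mix Spanish and English, so I would write them in English, e.g. `# Convert fargate_profiles from a list to a map keyed by profile name`. The `node_groups_with_subnets` expression continues past the end of this hunk.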
diff --git a/modules/aws-eks/main.tf b/modules/aws-eks/main.tf
index 7ff74e62e..c17371948 100644
--- a/modules/aws-eks/main.tf
+++ b/modules/aws-eks/main.tf
@@ -15,31 +15,31 @@ locals {
# EKS Cluster Configuration
module "eks" {
- version = "20.33.1"
- source = "terraform-aws-modules/eks/aws"
- cluster_name = var.cluster_name
- cluster_version = var.cluster_version
- cluster_endpoint_private_access = var.cluster_endpoint_private_access
- cluster_endpoint_public_access = var.cluster_endpoint_public_access
- cloudwatch_log_group_retention_in_days = var.cloudwatch_log_group_retention_in_days
- vpc_id = data.aws_vpc.selected.id
- subnet_ids = local.selected_subnet_ids
- create_cluster_security_group = var.create_cluster_security_group
- cluster_security_group_id = var.cluster_security_group_id
- iam_role_arn = var.cluster_iam_role_arn
- create_iam_role = var.create_cluster_iam_role
- enable_irsa = var.enable_irsa
- eks_managed_node_groups = local.node_groups_with_subnets
- node_security_group_additional_rules = var.node_security_group_additional_rules
- cluster_security_group_additional_rules = var.cluster_security_group_additional_rules
- tags = var.tags
- cluster_tags = merge(var.cluster_tags, var.tags)
- cluster_addons = local.cluster_addons
- create_kms_key = var.create_kms_key
- cluster_encryption_config = var.cluster_encryption_config
- access_entries = var.access_entries
- fargate_profiles = var.fargate_profiles
- create_cloudwatch_log_group = var.create_cloudwatch_log_group
- cloudwatch_log_group_class = var.cloudwatch_log_group_class
- cluster_enabled_log_types = var.create_cloudwatch_log_group ? var.enabled_log_types : []
+ version = "21.15.1"
+ source = "terraform-aws-modules/eks/aws"
+ name = var.cluster_name
+ kubernetes_version = var.cluster_version
+ endpoint_private_access = var.cluster_endpoint_private_access
+ endpoint_public_access = var.cluster_endpoint_public_access
+ cloudwatch_log_group_retention_in_days = var.cloudwatch_log_group_retention_in_days
+ vpc_id = data.aws_vpc.selected.id
+ subnet_ids = local.selected_subnet_ids
+ create_security_group = var.create_cluster_security_group
+ security_group_id = var.cluster_security_group_id
+ iam_role_arn = var.cluster_iam_role_arn
+ create_iam_role = var.create_cluster_iam_role
+ enable_irsa = var.enable_irsa
+ eks_managed_node_groups = local.node_groups_with_subnets
+ node_security_group_additional_rules = var.node_security_group_additional_rules
+ security_group_additional_rules = var.cluster_security_group_additional_rules
+ tags = var.tags
+ cluster_tags = merge(var.cluster_tags, var.tags)
+ addons = local.cluster_addons
+ create_kms_key = var.create_kms_key
+ encryption_config = var.cluster_encryption_config
+ access_entries = var.access_entries
+ fargate_profiles = local.fargate_profiles_map
+ create_cloudwatch_log_group = var.create_cloudwatch_log_group
+ cloudwatch_log_group_class = var.cloudwatch_log_group_class
+ enabled_log_types = var.create_cloudwatch_log_group ? var.enabled_log_types : []
}
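Review bot: The renamed `enabled_log_types` line still evaluates to `[]` whenever `var.create_cloudwatch_log_group` is false, so a caller who manages the log group outside this module ends up with all control plane logging off, including `audit` and `authenticator`. The coupling is carried over from the old `cluster_enabled_log_types` line, but the migration is a good point to document it, for example `# Control plane logs (audit included) are disabled when create_cloudwatch_log_group is false`, or to add a separate input so logging can stay on with an externally managed group. The block also passes `endpoint_public_access` without an `endpoint_public_access_cidrs` argument, so when public access is enabled the allowed source ranges are whatever the upstream default is; exposing that input would let callers restrict it.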
diff --git a/modules/aws-eks/outputs.tf b/modules/aws-eks/outputs.tf
index a7c2fb036..464ee7c73 100644
--- a/modules/aws-eks/outputs.tf
+++ b/modules/aws-eks/outputs.tf
@@ -112,3 +112,8 @@ output "debug" {
description = "Debug information for mixed addons"
value = local.mixed_addons
}
+
+output "debug_cluster_addons" {
+ description = "Debug: cluster_addons local value passed to EKS module"
+ value = local.cluster_addons
+}
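Review bot: `debug_cluster_addons` publishes `local.cluster_addons` as a module output, and add-on definitions can carry `configuration_values` that a caller may not want printed in plan and apply output. The definition of `local.cluster_addons` is outside this hunk, so I cannot tell whether that applies here; if the output is only needed while validating the v21 migration, remove it before merging, otherwise add `sensitive = true`. Outputs also become part of the module's interface, so a `debug_*` name is hard to withdraw later.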
diff --git a/modules/aws-eks/variables.tf b/modules/aws-eks/variables.tf
index bcbb6153d..4b349854d 100644
--- a/modules/aws-eks/variables.tf
+++ b/modules/aws-eks/variables.tf
@@ -136,7 +136,7 @@ variable "vpc_id" {
}
variable "fargate_profiles" {
- description = "Define dynamically the different fargate profiles"
+ description = "Define dynamically the different fargate profiles (compatibility list, old format)"
type = list(object({
name = string
selectors = list(object({
@@ -145,7 +145,6 @@ variable "fargate_profiles" {
}))
tags = map(string)
}))
-
default = []
}
diff --git a/modules/aws-eks/versions.tf b/modules/aws-eks/versions.tf
index f44955a29..72694b1a4 100644
--- a/modules/aws-eks/versions.tf
+++ b/modules/aws-eks/versions.tf
@@ -1,11 +1,11 @@
/*
- This Terraform script is used to specify the required versions for Terraform
- and the providers used in the project.
+ This Terraform script is used to specify the required versions for Terraform
+ and the providers used in the project.
- The AWS provider is required to interact with AWS resources, the Kubernetes
- provider is used to manage Kubernetes resources, the Time provider is used for
- time-based resources, and the TLS provider is used for resources related to
- TLS certificates.
+ The AWS provider is required to interact with AWS resources, the Kubernetes
+ provider is used to manage Kubernetes resources, the Time provider is used for
+ time-based resources, and the TLS provider is used for resources related to
+ TLS certificates.
*/
terraform {
@@ -16,7 +16,7 @@ terraform {
aws = {
source = "hashicorp/aws"
- version = "~> 5.83"
+ version = "~> 6.33"
}
kubernetes = {